Sony Sued for Letting Hackers Break Into PlayStation User Database

If you’re a Sony PlayStation user, you probably noticed that you couldn’t connect to the gaming console’s online network for the past ten days or so. Most figured it was probably just a network outage. But as we learned Tuesday — one week into the outage — Sony deliberately pulled the plug on its online network as well as its streaming and on-demand content services on April 20. PlayStation’s unencrypted user database was breached, allowing hackers access to info entered by the network’s 77 million users.

The lawsuit (full text), filed in U.S. District Court in San Francisco on behalf of Kristopher Johns, 36, argues that Sony was negligent in allowing the hacker intrusion, which the plaintiff claims never should have occurred in the first place.

“Sony broke its contract and violated its customers’ trust,” Caleb Marker, an attorney representing plaintiffs in the lawsuit, said to the Wall Street Journal.

The class action suit represents a swift response by users to a critical data breach that many think Sony mishandled in failing to communicate the seriousness of the issue to the public for a week. The network was taken offline by Sony on April 20 and it wasn’t until Tuesday, the 26th, that an email was sent to the network’s 77 million worldwide users explaining the reason for the interruption. The email, cross-posted to the PlayStation blog, said:

“We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.”

A follow-up post attempted to clarify the reason for the delay in coming clean to users and the public, stating that while Sony learned of the breach on the 20th, it took forensic experts several days to “understand the scope of the breach.”

Sony stands to lose anywhere from millions in lost revenues to tens of billions of dollars in dealing with the consequences, reports VentureBeat. Not to mention an immeasurable blow to the 65-year-old company’s accountability thanks to international scrutiny.

U.S. legislators joined in the outrage Tuesday with Connecticut Senator Blumenthal (D) saying he was “troubled” by Sony’s delay in communicating the breach to users, reminiscent of last week’s Al Franken response to Apple iPhone data collecting reports.

In what security analysts have called one of the worst security breaches in years, it’s possible that everything from usernames to passwords to credit card information may now be in the wrong hands. The Japan-based Sony has yet to comment on the lawsuit. The PlayStation blog posted an FAQ for users regarding the issue on Wednesday. Users whose data may have been breached should be sure to update any password and security info on other accounts and sites so that it is different from the info on their PlayStation Network accounts.